Harvesting the Low-hanging Fruits: Defending Against Automated Large-Scale Cyber-Intrusions
by Focusing on the Vulnerable Population


Abstract

The orthodox paradigm to defend against automated social-engineering attacks in
large-scale socio-technical systems is reactive and victim-agnostic. Defenses
generally focus on identifying the attacks or attackers (e.g., phishing emails,
social-bot infiltration, malware offered for download). To change the status quo,
we propose to identify, even if imperfectly, the vulnerable user population, that
is, the users who are likely to fall victim to such attacks. Once identified,
information about the vulnerable population can be used in two ways. First, the
defender can influence the vulnerable population through several means,
including education, a specialized user experience, extra protection layers and
watchdogs. In the same vein, information about the vulnerable population can
ultimately also be used to fine-tune and reprioritize defense mechanisms to offer
differentiated protection, possibly at the cost of additional friction generated by
the defense mechanism. Second, information about the user population can be used
to identify an attack (or compromised users) based on differences between the
general and the vulnerable population. This paper considers the implications of the
proposed paradigm for existing defenses in three areas (phishing of user
credentials, malware distribution and social-bot infiltration) and discusses how
using knowledge of the vulnerable population can enable more robust defenses.
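As an added illustration of the two uses sketched in the abstract (this is example code written for this page, not code from the paper or its authors), the snippet below takes a constructed set of per-user vulnerability labels and a constructed click log, flags links whose click rate among the vulnerable population is disproportionately high compared with the rest of the users, and then applies differentiated protection to those links. The labels, the log, the link identifiers and the lift threshold are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample data (assumption, not from the paper): user -> whether a prior
# indicator (e.g. earlier phishing-drill results) marks the user as vulnerable.
VULNERABLE = {"u1": True, "u2": True, "u3": True, "u4": False, "u5": False,
              "u6": False, "u7": False, "u8": False, "u9": False, "u10": False}

# Constructed click log of (user, link_id). "lnk-A" spreads evenly across both
# populations; "lnk-B" is clicked almost exclusively by the vulnerable users.
CLICKS = [("u1", "lnk-A"), ("u4", "lnk-A"), ("u6", "lnk-A"), ("u8", "lnk-A"),
          ("u1", "lnk-B"), ("u2", "lnk-B"), ("u3", "lnk-B"), ("u5", "lnk-B")]


def engagement_by_population(clicks, vulnerable):
    """Per link: (fraction of vulnerable users who clicked,
                  fraction of non-vulnerable users who clicked)."""
    n_vuln = sum(1 for v in vulnerable.values() if v)
    n_gen = len(vulnerable) - n_vuln
    clickers = defaultdict(set)
    for user, link in clicks:
        clickers[link].add(user)
    rates = {}
    for link, users in clickers.items():
        v = sum(1 for u in users if vulnerable[u]) / n_vuln
        g = sum(1 for u in users if not vulnerable[u]) / n_gen
        rates[link] = (v, g)
    return rates


def suspicious_links(clicks, vulnerable, lift=2.0):
    """Second use from the abstract: flag links whose engagement among the
    vulnerable population exceeds the general population's by `lift` times.
    The threshold is an assumption for the example."""
    flagged = []
    for link, (v, g) in engagement_by_population(clicks, vulnerable).items():
        if v >= lift * max(g, 1e-9):   # guard against a zero general-population rate
            flagged.append(link)
    return sorted(flagged)


def protection_level(user, link, vulnerable, flagged):
    """First use from the abstract: differentiated protection. Flagged links
    get extra friction for everyone, and the most friction for vulnerable users."""
    if link in flagged and vulnerable.get(user, False):
        return "block-and-warn"
    if link in flagged:
        return "warn"
    return "allow"
```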